Path: utzoo!attcan!uunet!husc6!rutgers!mcnc!duke!romeo!ndd
From: ndd@romeo.cs.duke.edu (Ned D. Danieley)
Newsgroups: comp.unix.wizards
Subject: Re: Booting SunOS 4.0 single user (was Re: NFS security)
Keywords: NFS, mknod
Message-ID: <12397@duke.cs.duke.edu>
Date: 8 Sep 88 13:19:10 GMT
References: <126@leibniz.UUCP> <670028@hpclscu.HP.COM> <1394@basser.oz> <1202@luth.luth.se> <66897@sun.uucp> <14186@comp.vuw.ac.nz> <3168@emory.uucp>
Sender: news@duke.cs.duke.edu
Reply-To: ndd@romeo.UUCP (Ned D. Danieley)
Organization: Duke University CS Dept.; Durham, NC
Lines: 34

In article <3168@emory.uucp> arnold@emory.UUCP (Arnold D. Robbins {EUCC}) writes:
>In article <14186@comp.vuw.ac.nz> duncan@comp.vuw.ac.nz (Duncan McEwan) writes:
>>.... I think SunOS 4.0 can be configured to require the
>>superuser password before coming up in single user mode.
>> ...
>This feature is straight-forward, and fairly elegant. The file /etc/ttytab ...
>The 'secure' on the line for the console has the usual meaning of "root
>can log in on this terminal", and is also overloaded to mean "OK, you can
>come up with a single user root shell". If 'secure' is missing, or /etc/ttytab
>is not there, then the system prompts for the root password when booting
>single user. ...
>Arnold Robbins -- Emory University Computing Center
>DOMAIN: arnold@unix.cc.emory.edu (finally!)

If I understand what you've described, the only way to protect
a workstation from someone booting it single user is to deny
root the ability to log in on that workstation. Doesn't sound very
elegant to me.

Ned Danieley (ndd@sunbar.mc.duke.edu)
Basic Arrhythmia Laboratory
Box 3140, Duke University Medical Center
Durham, NC 27710
(919) 684-6807 or 684-6942
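
The coupling discussed in this thread, as an added audit example that is not part of the original post: it reads a ttytab and reports what the console entry's 'secure' flag implies for both root login and single-user boot. The field layout (name, quoted getty command, terminal type, status flags), the sample entries and the function names are assumptions made for illustration.

```python
import shlex

# Constructed sample in the assumed ttytab layout:
# name, quoted getty command, terminal type, then status flags.
SAMPLE_SECURE = '''\
# name   getty                       type     status
console  "/usr/etc/getty std.9600"   sun      on local secure
ttya     "/usr/etc/getty std.9600"   unknown  off local
'''
# Same file with 'secure' dropped from the console entry.
SAMPLE_NOT_SECURE = SAMPLE_SECURE.replace("on local secure", "on local")


def tty_flags(ttytab_text, tty="console"):
    """Return the set of status flags for `tty`, or None if it has no entry."""
    for line in ttytab_text.splitlines():
        try:
            # shlex keeps the quoted getty command as one field and drops # comments
            fields = shlex.split(line, comments=True)
        except ValueError:
            continue  # unbalanced quote: skip the unparsable line
        if len(fields) >= 3 and fields[0] == tty:
            return set(fields[3:])
    return None


def console_policy(ttytab_text):
    """Map the console entry to the two behaviours the thread says share one flag.

    Pass None for ttytab_text when /etc/ttytab does not exist.
    """
    if ttytab_text is None:
        # The thread only states the boot behaviour for a missing file.
        return {"root_login_on_console": None,
                "single_user_prompts_for_root_password": True}
    flags = tty_flags(ttytab_text)
    secure = flags is not None and "secure" in flags
    return {"root_login_on_console": secure,
            "single_user_prompts_for_root_password": not secure}


if __name__ == "__main__":
    for label, text in (("secure", SAMPLE_SECURE),
                        ("not secure", SAMPLE_NOT_SECURE),
                        ("missing file", None)):
        print(label, console_policy(text))
```

The two result fields always move together when the file exists, which is the trade-off Ned Danieley's reply points at.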